On Sat, 5 Jul 2025, Martin Paljak wrote: > > The ssh community has rejected many approaches to TPM based keys, so > > the easiest way to use them is to use gpg-agent (for any 2.4 and up > > version of gpg) as the ssh agent backend and then simply use the gpg > > keytotpm command on keys you want to become only TPM accessible. > > Respectfully disagree. You're free to run any ssh-agent, and it makes various hardware elements play along pretty decently (like secretive for mac). > > For TPM2, see here: > > https://github.com/Foxboron/ssh-tpm-agent There are also ways to do it via PKCS#11, which lets you use the stock OpenSSH ssh-agent. > I'd only recommend going down the GPG path if you're already > established and invested in the GPG infrastructure/setup, but never > for beginners. +1 -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
